<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html 
     PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title>Module: AuthenticatedSystem</title>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <meta http-equiv="Content-Script-Type" content="text/javascript" />
  <link rel="stylesheet" href=".././rdoc-style.css" type="text/css" media="screen" />
  <script type="text/javascript">
  // <![CDATA[

  function popupCode( url ) {
    window.open(url, "Code", "resizable=yes,scrollbars=yes,toolbar=no,status=no,height=150,width=400")
  }

  function toggleCode( id ) {
    if ( document.getElementById )
      elem = document.getElementById( id );
    else if ( document.all )
      elem = eval( "document.all." + id );
    else
      return false;

    elemStyle = elem.style;
    
    if ( elemStyle.display != "block" ) {
      elemStyle.display = "block"
    } else {
      elemStyle.display = "none"
    }

    return true;
  }
  
  // Make codeblocks hidden by default
  document.writeln( "<style type=\"text/css\">div.method-source-code { display: none }</style>" )
  
  // ]]>
  </script>

</head>
<body>



    <div id="classHeader">
        <table class="header-table">
        <tr class="top-aligned-row">
          <td><strong>Module</strong></td>
          <td class="class-name-in-header">AuthenticatedSystem</td>
        </tr>
        <tr class="top-aligned-row">
            <td><strong>In:</strong></td>
            <td>
                <a href="../files/lib/authenticated_system_rb.html">
                lib/authenticated_system.rb
                </a>
        <br />
            </td>
        </tr>

        </table>
    </div>
  <!-- banner header -->

  <div id="bodyContent">



  <div id="contextContent">



   </div>

    <div id="method-list">
      <h3 class="section-bar">Methods</h3>

      <div class="name-list">
      <a href="#M000070">access_denied</a>&nbsp;&nbsp;
      <a href="#M000065">authorized?</a>&nbsp;&nbsp;
      <a href="#M000069">check_administrator_role</a>&nbsp;&nbsp;
      <a href="#M000068">check_role</a>&nbsp;&nbsp;
      <a href="#M000063">current_user</a>&nbsp;&nbsp;
      <a href="#M000064">current_user=</a>&nbsp;&nbsp;
      <a href="#M000076">included</a>&nbsp;&nbsp;
      <a href="#M000062">logged_in?</a>&nbsp;&nbsp;
      <a href="#M000078">login_from_basic_auth</a>&nbsp;&nbsp;
      <a href="#M000079">login_from_cookie</a>&nbsp;&nbsp;
      <a href="#M000077">login_from_session</a>&nbsp;&nbsp;
      <a href="#M000066">login_required</a>&nbsp;&nbsp;
      <a href="#M000067">not_logged_in_required</a>&nbsp;&nbsp;
      <a href="#M000071">permission_denied</a>&nbsp;&nbsp;
      <a href="#M000074">redirect_back_or_default</a>&nbsp;&nbsp;
      <a href="#M000075">redirect_to_referer_or_default</a>&nbsp;&nbsp;
      <a href="#M000072">store_location</a>&nbsp;&nbsp;
      <a href="#M000073">store_referer</a>&nbsp;&nbsp;
      </div>
    </div>

  </div>


    <!-- if includes -->

    <div id="section">





      


    <!-- if method_list -->
    <div id="methods">
      <h3 class="section-bar">Protected Class methods</h3>

      <div id="method-M000076" class="method-detail">
        <a name="M000076"></a>

        <div class="method-heading">
          <a href="#M000076" class="method-signature">
          <span class="method-name">included</span><span class="method-args">(base)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Inclusion hook to make <a
href="AuthenticatedSystem.html#M000063">current_user</a> and logged_in?
available as ActionView helper methods.
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000076-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000076-source">
<pre>
     <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 148</span>
148:     <span class="ruby-keyword kw">def</span> <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">included</span>(<span class="ruby-identifier">base</span>)
149:       <span class="ruby-identifier">base</span>.<span class="ruby-identifier">send</span> <span class="ruby-identifier">:helper_method</span>, <span class="ruby-identifier">:current_user</span>, <span class="ruby-identifier">:logged_in?</span>
150:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <h3 class="section-bar">Protected Instance methods</h3>

      <div id="method-M000070" class="method-detail">
        <a name="M000070"></a>

        <div class="method-heading">
          <a href="#M000070" class="method-signature">
          <span class="method-name">access_denied</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Redirect as appropriate when an access request fails.
</p>
<p>
The default action is to redirect to the login screen.
</p>
<p>
Override this method in your controllers if you want to have special
behavior in case the user is not authorized to access the requested action.
For example, a popup window might simply close itself.
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000070-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000070-source">
<pre>
    <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 82</span>
82:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">access_denied</span>
83:       <span class="ruby-identifier">respond_to</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">format</span><span class="ruby-operator">|</span>
84:         <span class="ruby-identifier">format</span>.<span class="ruby-identifier">html</span> <span class="ruby-keyword kw">do</span>
85:           <span class="ruby-identifier">store_location</span>
86:           <span class="ruby-identifier">flash</span>[<span class="ruby-identifier">:error</span>] = <span class="ruby-value str">&quot;You must be logged in to access this feature.&quot;</span>
87:           <span class="ruby-identifier">redirect_to</span> <span class="ruby-identifier">:controller</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value str">'/session'</span>, <span class="ruby-identifier">:action</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value str">'new'</span>
88:         <span class="ruby-keyword kw">end</span>
89:         <span class="ruby-identifier">format</span>.<span class="ruby-identifier">xml</span> <span class="ruby-keyword kw">do</span>
90:           <span class="ruby-identifier">request_http_basic_authentication</span> <span class="ruby-value str">'Web Password'</span>
91:         <span class="ruby-keyword kw">end</span>
92:       <span class="ruby-keyword kw">end</span>
93:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000065" class="method-detail">
        <a name="M000065"></a>

        <div class="method-heading">
          <a href="#M000065" class="method-signature">
          <span class="method-name">authorized?</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Check if the user is authorized
</p>
<p>
Override this method in your controllers if you want to restrict access to
only a few actions or if you want to check if the user has the correct
rights.
</p>
<p>
Example:
</p>
<pre>
 # only allow nonbobs
 def authorized?
   current_user.login != &quot;bob&quot;
 end
</pre>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000065-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000065-source">
<pre>
    <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 33</span>
33:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">authorized?</span>
34:       <span class="ruby-identifier">logged_in?</span>
35:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000069" class="method-detail">
        <a name="M000069"></a>

        <div class="method-heading">
          <a href="#M000069" class="method-signature">
          <span class="method-name">check_administrator_role</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000069-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000069-source">
<pre>
    <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 70</span>
70:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">check_administrator_role</span>
71:       <span class="ruby-identifier">check_role</span>(<span class="ruby-value str">'administrator'</span>)
72:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000068" class="method-detail">
        <a name="M000068"></a>

        <div class="method-heading">
          <a href="#M000068" class="method-signature">
          <span class="method-name">check_role</span><span class="method-args">(role)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000068-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000068-source">
<pre>
    <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 59</span>
59:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">check_role</span>(<span class="ruby-identifier">role</span>)
60:       <span class="ruby-keyword kw">unless</span> <span class="ruby-identifier">logged_in?</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-ivar">@current_user</span>.<span class="ruby-identifier">has_role?</span>(<span class="ruby-identifier">role</span>)
61:         <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">logged_in?</span>
62:           <span class="ruby-identifier">permission_denied</span>
63:         <span class="ruby-keyword kw">else</span>
64:           <span class="ruby-identifier">store_referer</span>
65:           <span class="ruby-identifier">access_denied</span>
66:         <span class="ruby-keyword kw">end</span>
67:       <span class="ruby-keyword kw">end</span>
68:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000063" class="method-detail">
        <a name="M000063"></a>

        <div class="method-heading">
          <a href="#M000063" class="method-signature">
          <span class="method-name">current_user</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Accesses the current user from the session. Set it to :false if login fails
so that future calls do not hit the database.
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000063-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000063-source">
<pre>
    <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 11</span>
11:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">current_user</span>
12:       <span class="ruby-ivar">@current_user</span> <span class="ruby-operator">||=</span> (<span class="ruby-identifier">login_from_session</span> <span class="ruby-operator">||</span> <span class="ruby-identifier">login_from_basic_auth</span> <span class="ruby-operator">||</span> <span class="ruby-identifier">login_from_cookie</span> <span class="ruby-operator">||</span> <span class="ruby-identifier">:false</span>)
13:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000064" class="method-detail">
        <a name="M000064"></a>

        <div class="method-heading">
          <a href="#M000064" class="method-signature">
          <span class="method-name">current_user=</span><span class="method-args">(new_user)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Store the given user id in the session.
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000064-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000064-source">
<pre>
    <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 16</span>
16:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">current_user=</span>(<span class="ruby-identifier">new_user</span>)
17:       <span class="ruby-identifier">session</span>[<span class="ruby-identifier">:user_id</span>] = (<span class="ruby-identifier">new_user</span>.<span class="ruby-identifier">nil?</span> <span class="ruby-operator">||</span> <span class="ruby-identifier">new_user</span>.<span class="ruby-identifier">is_a?</span>(<span class="ruby-constant">Symbol</span>)) <span class="ruby-operator">?</span> <span class="ruby-keyword kw">nil</span> <span class="ruby-operator">:</span> <span class="ruby-identifier">new_user</span>.<span class="ruby-identifier">id</span>
18:       <span class="ruby-ivar">@current_user</span> = <span class="ruby-identifier">new_user</span> <span class="ruby-operator">||</span> <span class="ruby-identifier">:false</span>
19:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000062" class="method-detail">
        <a name="M000062"></a>

        <div class="method-heading">
          <a href="#M000062" class="method-signature">
          <span class="method-name">logged_in?</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Returns true or false if the user is logged in. Preloads @<a
href="AuthenticatedSystem.html#M000063">current_user</a> with the user
model if they&#8216;re logged in.
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000062-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000062-source">
<pre>
   <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 5</span>
5:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">logged_in?</span>
6:       <span class="ruby-identifier">current_user</span> <span class="ruby-operator">!=</span> <span class="ruby-identifier">:false</span>
7:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000078" class="method-detail">
        <a name="M000078"></a>

        <div class="method-heading">
          <a href="#M000078" class="method-signature">
          <span class="method-name">login_from_basic_auth</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Called from <a href="AuthenticatedSystem.html#M000063">current_user</a>.
Now, attempt to login by basic authentication information.
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000078-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000078-source">
<pre>
     <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 158</span>
158:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">login_from_basic_auth</span>
159:       <span class="ruby-identifier">authenticate_with_http_basic</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">username</span>, <span class="ruby-identifier">password</span><span class="ruby-operator">|</span>
160:         <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">current_user</span> = <span class="ruby-constant">User</span>.<span class="ruby-identifier">authenticate</span>(<span class="ruby-identifier">username</span>, <span class="ruby-identifier">password</span>)
161:       <span class="ruby-keyword kw">end</span>
162:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000079" class="method-detail">
        <a name="M000079"></a>

        <div class="method-heading">
          <a href="#M000079" class="method-signature">
          <span class="method-name">login_from_cookie</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Called from <a href="AuthenticatedSystem.html#M000063">current_user</a>.
Finaly, attempt to login by an expiring token in the cookie.
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000079-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000079-source">
<pre>
     <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 165</span>
165:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">login_from_cookie</span>
166:       <span class="ruby-identifier">user</span> = <span class="ruby-identifier">cookies</span>[<span class="ruby-identifier">:auth_token</span>] <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-constant">User</span>.<span class="ruby-identifier">find_by_remember_token</span>(<span class="ruby-identifier">cookies</span>[<span class="ruby-identifier">:auth_token</span>])
167:       <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">user</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">user</span>.<span class="ruby-identifier">remember_token?</span>
168:         <span class="ruby-identifier">user</span>.<span class="ruby-identifier">remember_me</span>
169:         <span class="ruby-identifier">cookies</span>[<span class="ruby-identifier">:auth_token</span>] = { <span class="ruby-identifier">:value</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">user</span>.<span class="ruby-identifier">remember_token</span>, <span class="ruby-identifier">:expires</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">user</span>.<span class="ruby-identifier">remember_token_expires_at</span> }
170:         <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">current_user</span> = <span class="ruby-identifier">user</span>
171:       <span class="ruby-keyword kw">end</span>
172:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000077" class="method-detail">
        <a name="M000077"></a>

        <div class="method-heading">
          <a href="#M000077" class="method-signature">
          <span class="method-name">login_from_session</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Called from <a href="AuthenticatedSystem.html#M000063">current_user</a>.
First attempt to login by the user id stored in the session.
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000077-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000077-source">
<pre>
     <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 153</span>
153:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">login_from_session</span>
154:       <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">current_user</span> = <span class="ruby-constant">User</span>.<span class="ruby-identifier">find</span>(<span class="ruby-identifier">session</span>[<span class="ruby-identifier">:user_id</span>]) <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">session</span>[<span class="ruby-identifier">:user_id</span>]
155:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000066" class="method-detail">
        <a name="M000066"></a>

        <div class="method-heading">
          <a href="#M000066" class="method-signature">
          <span class="method-name">login_required</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Filter method to enforce a login requirement.
</p>
<p>
To require logins for all actions, use this in your controllers:
</p>
<pre>
  before_filter :login_required
</pre>
<p>
To require logins for specific actions, use this in your controllers:
</p>
<pre>
  before_filter :login_required, :only =&gt; [ :edit, :update ]
</pre>
<p>
To skip this in a subclassed controller:
</p>
<pre>
  skip_before_filter :login_required
</pre>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000066-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000066-source">
<pre>
    <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 51</span>
51:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">login_required</span>
52:       <span class="ruby-identifier">authorized?</span> <span class="ruby-operator">||</span> <span class="ruby-identifier">access_denied</span>
53:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000067" class="method-detail">
        <a name="M000067"></a>

        <div class="method-heading">
          <a href="#M000067" class="method-signature">
          <span class="method-name">not_logged_in_required</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000067-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000067-source">
<pre>
    <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 55</span>
55:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">not_logged_in_required</span>
56:       <span class="ruby-operator">!</span><span class="ruby-identifier">logged_in?</span> <span class="ruby-operator">||</span> <span class="ruby-identifier">permission_denied</span>
57:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000071" class="method-detail">
        <a name="M000071"></a>

        <div class="method-heading">
          <a href="#M000071" class="method-signature">
          <span class="method-name">permission_denied</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000071-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000071-source">
<pre>
     <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 95</span>
 95:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">permission_denied</span>      
 96:       <span class="ruby-identifier">respond_to</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">format</span><span class="ruby-operator">|</span>
 97:         <span class="ruby-identifier">format</span>.<span class="ruby-identifier">html</span> <span class="ruby-keyword kw">do</span>
 98:           <span class="ruby-comment cmt">#Put your domain name here ex. http://www.example.com </span>
 99:           <span class="ruby-identifier">domain_name</span> = <span class="ruby-value str">&quot;http://localhost:3000&quot;</span>
100:           <span class="ruby-identifier">http_referer</span> = <span class="ruby-identifier">session</span>[<span class="ruby-identifier">:refer_to</span>]
101:           <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">http_referer</span>.<span class="ruby-identifier">nil?</span>
102:             <span class="ruby-identifier">store_referer</span>
103:             <span class="ruby-identifier">http_referer</span> = ( <span class="ruby-identifier">session</span>[<span class="ruby-identifier">:refer_to</span>] <span class="ruby-operator">||</span> <span class="ruby-identifier">domain_name</span> )
104:           <span class="ruby-keyword kw">end</span>
105:           <span class="ruby-identifier">flash</span>[<span class="ruby-identifier">:error</span>] = <span class="ruby-value str">&quot;You don't have permission to complete that action.&quot;</span>
106:           <span class="ruby-comment cmt">#The [0..20] represents the 21 characters in http://localhost:3000</span>
107:           <span class="ruby-comment cmt">#You have to set that to the number of characters in your domain name </span>
108:           <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">http_referer</span>[<span class="ruby-value">0</span><span class="ruby-operator">..</span><span class="ruby-value">20</span>] <span class="ruby-operator">!=</span> <span class="ruby-identifier">domain_name</span>   
109:             <span class="ruby-identifier">session</span>[<span class="ruby-identifier">:refer_to</span>] = <span class="ruby-keyword kw">nil</span>
110:             <span class="ruby-identifier">redirect_to</span> <span class="ruby-identifier">root_path</span>
111:           <span class="ruby-keyword kw">else</span>
112:             <span class="ruby-identifier">redirect_to_referer_or_default</span>(<span class="ruby-identifier">root_path</span>)   
113:           <span class="ruby-keyword kw">end</span>
114:         <span class="ruby-keyword kw">end</span>
115:         <span class="ruby-identifier">format</span>.<span class="ruby-identifier">xml</span> <span class="ruby-keyword kw">do</span>
116:           <span class="ruby-identifier">headers</span>[<span class="ruby-value str">&quot;Status&quot;</span>]           = <span class="ruby-value str">&quot;Unauthorized&quot;</span>
117:           <span class="ruby-identifier">headers</span>[<span class="ruby-value str">&quot;WWW-Authenticate&quot;</span>] = <span class="ruby-value str">%(Basic realm=&quot;Web Password&quot;)</span>
118:           <span class="ruby-identifier">render</span> <span class="ruby-identifier">:text</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value str">&quot;You don't have permission to complete this action.&quot;</span>, <span class="ruby-identifier">:status</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value str">'401 Unauthorized'</span>
119:         <span class="ruby-keyword kw">end</span>
120:       <span class="ruby-keyword kw">end</span>
121:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000074" class="method-detail">
        <a name="M000074"></a>

        <div class="method-heading">
          <a href="#M000074" class="method-signature">
          <span class="method-name">redirect_back_or_default</span><span class="method-args">(default)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Redirect to the URI stored by the most recent <a
href="AuthenticatedSystem.html#M000072">store_location</a> call or to the
passed default.
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000074-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000074-source">
<pre>
     <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 136</span>
136:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">redirect_back_or_default</span>(<span class="ruby-identifier">default</span>)
137:       <span class="ruby-identifier">redirect_to</span>(<span class="ruby-identifier">session</span>[<span class="ruby-identifier">:return_to</span>] <span class="ruby-operator">||</span> <span class="ruby-identifier">default</span>)
138:       <span class="ruby-identifier">session</span>[<span class="ruby-identifier">:return_to</span>] = <span class="ruby-keyword kw">nil</span>
139:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000075" class="method-detail">
        <a name="M000075"></a>

        <div class="method-heading">
          <a href="#M000075" class="method-signature">
          <span class="method-name">redirect_to_referer_or_default</span><span class="method-args">(default)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000075-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000075-source">
<pre>
     <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 141</span>
141:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">redirect_to_referer_or_default</span>(<span class="ruby-identifier">default</span>)
142:       <span class="ruby-identifier">redirect_to</span>(<span class="ruby-identifier">session</span>[<span class="ruby-identifier">:refer_to</span>] <span class="ruby-operator">||</span> <span class="ruby-identifier">default</span>)
143:       <span class="ruby-identifier">session</span>[<span class="ruby-identifier">:refer_to</span>] = <span class="ruby-keyword kw">nil</span>
144:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000072" class="method-detail">
        <a name="M000072"></a>

        <div class="method-heading">
          <a href="#M000072" class="method-signature">
          <span class="method-name">store_location</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Store the URI of the current request in the session.
</p>
<p>
We can return to this location by calling <a
href="AuthenticatedSystem.html#M000074">redirect_back_or_default</a>.
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000072-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000072-source">
<pre>
     <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 126</span>
126:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">store_location</span>
127:       <span class="ruby-identifier">session</span>[<span class="ruby-identifier">:return_to</span>] = <span class="ruby-identifier">request</span>.<span class="ruby-identifier">request_uri</span>
128:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000073" class="method-detail">
        <a name="M000073"></a>

        <div class="method-heading">
          <a href="#M000073" class="method-signature">
          <span class="method-name">store_referer</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000073-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000073-source">
<pre>
     <span class="ruby-comment cmt"># File lib/authenticated_system.rb, line 130</span>
130:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">store_referer</span>
131:       <span class="ruby-identifier">session</span>[<span class="ruby-identifier">:refer_to</span>] = <span class="ruby-identifier">request</span>.<span class="ruby-identifier">env</span>[<span class="ruby-value str">&quot;HTTP_REFERER&quot;</span>]
132:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>


    </div>


  </div>


<div id="validator-badges">
  <p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
</div>

</body>
</html>